1. Field of the Invention
The present invention relates in general to data processing systems and, in particular, to a data processing system and method for maintaining multiple, secure private keys in a non-secure storage device. Still more particularly, the present invention relates to a data processing system and method for maintaining multiple, secure private keys in a non-secure storage device by encrypting the private keys utilizing a master public key stored in protected storage prior to storing the user private keys in the non-secure storage device.
2. Description of the Related Art
Personal computer systems are well known in the art. They have attained widespread use for providing computer power to many segments of today's modern society. Personal computers (PCs) may be defined as a desktop, floor standing, or portable microcomputer that includes a system unit having a central processing unit (CPU) and associated volatile and non-volatile memory, including random access memory (RAM) and basic input/output system read only memory (BIOS ROM), a system monitor, a keyboard, one or more flexible diskette drives, a CD-ROM drive, a fixed disk storage drive (also known as a “hard drive”), a pointing device such as a mouse, and an optional network interface adapter. One of the distinguishing characteristics of these systems is the use of a motherboard or system planar to electrically connect these components together. Examples of such personal computer systems are IBM's PC 300 series, Aptiva series, and Intellistation series.
Encryption algorithms are known to ensure that only the intended recipient of a message may read and access the message. One known encryption algorithm is an asymmetric, or public key, algorithm. The public key algorithm is a method for encrypting messages sent from a first computer system to a second computer system. This algorithm provides for a key pair including a public key and a private key for each participant in a secure communication. This key pair is unique to each participant. An example of such an encryption scheme is an RSA key pair system.
Prior to the first computer system transmitting a message, the first computer system obtains the public key of the intended recipient of the message, in this case the second computer system. The public key of the second system is obtained by the first computer system from the second computer system. The first computer system then encrypts the message using the public key of the second computer system. The message is then transmitted to the computer identified by the public key, i.e. the second computer system. Upon receipt of the message, the second computer utilizes its private key to decrypt the message.
A key pair is also typically established for each user within a computer system for each application. A user may be a person, a device, an application, or anything else that may access an application. Therefore, many key pairs must be maintained by a computer system. Protected storage is required to store the key pairs. The protected storage is typically a storage device having very limited storage space. Because it takes a large number of bytes of protected storage to store a single RSA key, it is impractical to maintain multiple private keys in the protected storage.
Therefore a need exists for a data processing system and method for maintaining multiple, secure private keys in non-secure storage.